Oracle released Java 7 update 11 (Java 7u11) on Sunday following a warning from the U.S. Computer Emergency Readiness Team (US-CERT) advising users to disable the software due to a serious and previously unknown security vulnerability. Even with the available fix, CERT, part of the Department of Homeland Security, is still advising users to disable Java on their systems unless running the software is "absolutely necessary."

The so-called zero-day flaw was actively being used to secretly install malware on the systems of unsuspecting victims, and the exploit affected Windows, Mac, and Linux users, according to CERT's security bulletin. The vulnerability affects versions of Java 7, and does not apply to Java 6.

What Java 7u11 does

The biggest change for users with the newest version of Java is that all unsigned Java applets and Web Start applications are now click-to-run. This means you must explicitly authorize Java to run in your browser nearly every time you come across Java on the Web. Java is a cross-platform programming language often used online for Web content and applications such as games and interactive charts. Oracle's vulnerability fix affects only users running Java in their browsers, and does not apply to servers, desktop applications, or embedded Java apps.

Oracle is also calling on users to update their systems as soon as possible. "Due to the severity of these vulnerabilities," Oracle's security alert reads, "Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible."

Oracle's latest Java snafu is prompting calls by some to completely rewrite Java from the ground up due to its popularity as a way to attack PCs. The latest Java vulnerability comes close to five months after Oracle released updates to Java for three major security holes in late August, two of which were actively being used by malicious hackers.

If you'd like to disable Java just in a specific browser, here's how to do it:

Chrome: type chrome://plugins into the address bar and hit Enter. Look for the Java plugin and click the "Disable" link.

Firefox: click on the orange Firefox button on the left and select "Add-ons." Then in the page that opens select "Plugins" from the left-hand side. Look for the Java platform plugin and click the disable button.
